Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware
2026-06-29
Windows Report | Error-free Tech Life

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
Mozilla's 0DIN researchers demonstrated that attackers can exploit AI-powered coding assistants like Claude Code using indirect prompt injection. By embedding hidden prompts in seemingly clean GitHub repositories, attackers can trick the AI into executing malicious commands, granting remote access to developer machines and exposing sensitive data, without obvious malicious code.[AI generated]